Threats and Vulnerabilities Mitigation

Updated: March 10, 2009

Although Windows EBS includes a variety of security mechanisms, there may be threats or vulnerabilities in your network infrastructure.

The following table describes identified threats or vulnerabilities in Windows EBS and the proactive steps that you can take to lessen the risks. The table does not list common threats and vulnerabilities that are mitigated by the default configurations of the Windows EBS servers and the network.

For a list of resources for threats and vulnerabilities mitigation, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=128048).

Each entry below lists a threat or vulnerability, followed by its description and its mitigation.

Threat or vulnerability: Components of Windows EBS may not have applied critical security updates from Microsoft Update.

Description:

During the initial phase of installation on each of the Windows EBS servers, the Installation Wizard attempts to connect to Microsoft Update to download and install critical security updates. If critical updates are not applied, the servers may not be protected from known security vulnerabilities.

By default, the Update Management security component in Windows EBS is not configured to synchronize on a regular schedule with Microsoft Update to download updates. Until this synchronization schedule is configured, or you synchronize manually, the updates are not downloaded or applied to the managed computers in your domain.

Mitigation:

Plan for Internet connectivity during the deployment of Windows EBS. If critical updates are not applied, do not complete the installation of Windows EBS.

Configure the Update Management component with recommended settings to synchronize daily or more frequently with Microsoft Update.

Threat or vulnerability: During the installation of Windows EBS and after deployment, the servers for Windows EBS may be vulnerable to certain password attacks.

Description:

Each of the Windows EBS servers restarts automatically several times during installation. Until you join each server to the Windows EBS domain, the server logs on automatically after each restart by using a null password to continue the installation.

During installation of the Management Server, the domain administrator password is stored temporarily as an encrypted string object in a configuration file.

If you create a new Active Directory forest during the installation of Windows EBS, and you use a weak password for the default domain administrator account, your domain administrator password may be vulnerable to tampering.

If you join an existing Active Directory domain during the installation of Windows EBS, and you do not enforce strong password policies in the existing domain, your domain administrator password may be vulnerable to tampering.

Mitigation:

Before each server for Windows EBS joins the domain, to prevent tampering, do not leave the computer unattended. After you join each server to the domain, you must log on with an account that has enterprise administrator privileges.

If you do not complete the installation of Windows EBS on the Management Server, it is recommended that you reformat the volume or partition that contains the system files.

Threat or vulnerability: An add-in for Windows EBS may run malicious code during the installation or after it is deployed or enabled in the Windows EBS Administration Console.

Description:

The installation program for an add-in for Windows EBS must be run by using an account with domain administrator privileges. If the installation program is provided by an untrustworthy source, it could install malicious software on the Management Server.

A malicious add-in for Windows EBS may interfere with or disable the Windows EBS Administration Console.

Add-ins that are enabled in Windows EBS run with domain administrator privileges. Even if it is obtained from a trusted publisher, an add-in for Windows EBS may introduce vulnerabilities to the domain controller that could be exploited by others.

Mitigation:

It is recommended that you carefully evaluate an add-in for Windows EBS before you install it and enable it on the Management Server. You should confirm that an add-in is published by a trustworthy source.

For more information about managing add-ins, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=108924).

Threat or vulnerability: The Remote Web Workplace Web site may be vulnerable to denial-of-service attacks.

Description:

If multiple connections are made to the Remote Web Workplace site, users may experience slow response, timeouts, or a denial-of-service.

Mitigation:

Users of Remote Web Workplace must belong to the Remote Web Workplace Users security group, and they must be authenticated by logging on to Remote Web Workplace.

Threat or vulnerability: The Management Server may be vulnerable to denial-of-service attacks if users’ Documents are redirected to that server.

Description:

If you use a shared folder on the system or data volume of the Management Server to redirect users’ Documents folders, a user could disable the Management Server by filling the shared folder to capacity.

Mitigation:

Configure a shared folder on a separate volume from the system volume or data volume to redirect users’ Documents folders.

For information about configuring Documents redirection, see the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=108928).
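For the password-attack entry above (joining an existing domain that does not enforce strong password policies), the following PowerShell sketch compares a domain's default password policy with a baseline. It is an added example, not part of the original Microsoft page; the function names, the baseline numbers and the sample policy are assumptions for illustration.

```powershell
# Added example: review the default domain password policy before joining an existing domain.
# Baseline numbers are assumptions; substitute the values your organization requires.
$Baseline = @{ MinLength = 8; HistoryLength = 24 }

function Get-DomainPasswordPolicy {
    # Reads the policy attributes stored on the domain head object through ADSI.
    # Must run on a domain-joined computer.
    $root = [ADSI]'LDAP://RootDSE'
    $dom  = [ADSI]"LDAP://$($root.defaultNamingContext)"
    @{
        MinLength        = [int]$dom.minPwdLength.Value
        HistoryLength    = [int]$dom.pwdHistoryLength.Value
        LockoutThreshold = [int]$dom.lockoutThreshold.Value
        # Bit 0x1 of pwdProperties is DOMAIN_PASSWORD_COMPLEX.
        Complexity       = (([int]$dom.pwdProperties.Value -band 1) -eq 1)
    }
}

function Test-PasswordPolicy {
    param([hashtable]$Policy, [hashtable]$Baseline)
    $findings = @()
    if ($Policy.MinLength -lt $Baseline.MinLength) {
        $findings += "Minimum length $($Policy.MinLength) is below $($Baseline.MinLength)."
    }
    if ($Policy.HistoryLength -lt $Baseline.HistoryLength) {
        $findings += "Password history $($Policy.HistoryLength) is below $($Baseline.HistoryLength)."
    }
    if (-not $Policy.Complexity) {
        $findings += 'Complexity requirements are disabled.'
    }
    # A threshold of 0 means accounts never lock out, so guessing is unlimited.
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += 'Account lockout is disabled.'
    }
    $findings
}

# Constructed sample policy (not read from a real domain) so the check runs offline.
$sample = @{ MinLength = 6; HistoryLength = 0; LockoutThreshold = 0; Complexity = $false }
Test-PasswordPolicy -Policy $sample -Baseline $Baseline

# On a domain-joined computer:
# Test-PasswordPolicy -Policy (Get-DomainPasswordPolicy) -Baseline $Baseline
```

An empty result means the default domain policy meets the baseline; any finding should be resolved in the existing domain before the Windows EBS servers join it.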
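For the add-in entry above (confirming that an add-in is published by a trustworthy source), the following PowerShell sketch checks an installer's Authenticode signature against a list of publisher certificates you have already vetted. It is an added example, not part of the original Microsoft page; the function name, the installer path and the thumbprint placeholder are hypothetical.

```powershell
# Added example: verify an add-in installer's Authenticode signature before running it
# with domain administrator privileges.
function Test-AddInInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Thumbprints of publisher certificates that you have vetted out of band.
        [Parameter(Mandatory = $true)][string[]]$TrustedThumbprints
    )
    $reasons = @()
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    if ($null -eq $cert) {
        $reasons += 'File is not signed.'
    }
    elseif ($sig.Status -ne 'Valid') {
        # Any status other than Valid covers a hash mismatch (file altered after
        # signing) and a certificate chain that does not reach a trusted root.
        $reasons += "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    elseif ($TrustedThumbprints -notcontains $cert.Thumbprint) {
        $reasons += "Signer '$($cert.Subject)' is not on the approved publisher list."
    }

    New-Object PSObject -Property @{
        Path       = $Path
        Signer     = $(if ($cert) { $cert.Subject } else { $null })
        Thumbprint = $(if ($cert) { $cert.Thumbprint } else { $null })
        Approved   = ($reasons.Count -eq 0)
        Reasons    = $reasons
    }
}

# Hypothetical installer path and placeholder thumbprint; replace both before use.
# Test-AddInInstaller -Path 'C:\Staging\ExampleAddIn.msi' `
#     -TrustedThumbprints @('<THUMBPRINT-OF-VETTED-PUBLISHER-CERTIFICATE>')
```

A passing result establishes only who published the installer and that it was not altered after signing; as the entry notes, an add-in from a trusted publisher can still introduce vulnerabilities, so the evaluation step remains necessary.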